(54) [TITLE OF THE INVENTION] LOCAL AREA NETWORK
(57) [ABSTRACT] 

[OBJECT] To enable data to be encrypted and transmitted/received between 
terminal devices without encrypting and decoding the data between the 
respective terminal devices. 

[CONSTITUTION] An encryption server S1 converts original data
transmitted from a node A as a terminal device of a transmitting source of an
IP network NET-1 into encrypted data so as to return it to the node A, and the
node A transmits the encrypted data to a node C as a terminal device of a
transmitting source of an IP network NET-3. On the other hand, an
encryption server S2 decrypts and restores the encrypted data transmitted
from the node C as the terminal device of a receiving destination of the IP
network NET-3 into original data so as to return it to the node C.

[CLAIMS]

[Claim 1] A local area network where a plurality of terminal devices are
connected by a network so that data can be transmitted/received between the
terminal devices, the network comprising an encryption server having a unit
for converting original data transmitted from the terminal device of a
transmitting source into encrypted data so as to return it to the terminal
device as the transmitting source, decrypting the encrypted data transmitted
from the terminal device of a receiving destination and restoring it into the
original data so as to return the original data to the terminal device of the
receiving source.

[Claim 2] A local area network where a plurality of networks is connected so
that data can be transmitted/received between a plurality of terminal devices,
each of the networks comprising an encryption server having a unit for
converting original data transmitted from a terminal device of a transmitting
source into encrypted data so as to transmit the encrypted data to a terminal
device of a receiving destination of different network, decrypting the
encrypted data received from different network and restoring it into the
original data so as to transmit the original data to the terminal device of the
receiving destination.

[Claim 3] The local area network according to claim 1, wherein

each of the terminal devices has a unit for transmitting an encryption
key necessary for encrypting or decrypting data to the encryption server,

the encryption server has a unit for encrypting or decrypting the data
based on the encryption key received from each of the terminal devices.

[Detailed Description of the Invention]
[0001]

[Field of Industrial Application] The present invention relates to a local area
network for connecting a plurality of terminal devices via the network.
[0002] 

[Prior Art] Conventionally, in a local area network (hereinafter, "LAN")
complying with standards of Ethernet or IEEE802.3, in order to keep secret
the contents of packets transmitted/received between respective terminal
devices (hereinafter, "nodes"), the contents of the packets to be transmitted
from a node on a transmitting side are encrypted by a predetermined
encryption system so as to be transmitted to a destination node, and
the received and encrypted packets are decrypted and restored into original
data contents on the node on the receiving side of the destination.

[0003] The encryption system is a technique that converts information
understandable by anybody into meaningless code texts based on a
predetermined encryption key (simply "key"), and decrypts the code texts
using the same encryption key used in the encryption so as to restore them
into the original information (referred to as "decoding").

[0004] In general, a common key encryption system such as a DES encryption
method and an FEAL encryption method complying with standard encryption
are known as the encryption system. In the common key encryption system,
an identical encryption key and decoding key are shared between transmitters
and receivers, and data are encrypted and decoded (restored) by using the
common key.
[0005] 

[Problem to be Solved by the Invention] However, since the encryption of
packets for keeping communication secrets is not standardized in the above
conventional LAN, the contents of the packets should be encrypted at a node
on a transmitting side so as to be transmitted, and the encrypted data
contents of the received packets should be decrypted so as to be restored into
the original data at a node on a receiving side.

[0006] Therefore, a processing load is put on the respective nodes, and further
when the encryption key and the encryption system (decryption method) are
changed, the settings of all the nodes on the LAN should be changed. This is very
inconvenient.

[0007] Further, in a local network environment, since a network is in a
managed state or is easily managed, reliability of the network is high.
However, when communication is enabled between a plurality of terminal devices in
a plurality of networks via an external network, routes of networks through
which data are transmitted/received and reach a destination cannot be
obtained. For this reason, there arises a problem that the data contents may
be intercepted by outsiders on such routes.

[0008] The present invention is devised in view of the above point, and its
object is to enable data to be encrypted and transmitted/received between
terminal devices without encrypting and decoding in the respective terminal
devices.
[0009] 

[Means for Solving the Problem] In order to achieve the above object, the
present invention provides a local area network where a plurality of terminal
devices is connected by a network so that data can be transmitted/received
between the terminal devices, the network comprising an encryption server
having a unit for converting original data transmitted from the terminal
device of a transmitting source into encrypted data so as to return it to the
terminal device as the transmitting source, decrypting the encrypted data
transmitted from the terminal device of a receiving destination and restoring
it into the original data so as to return the original data to the terminal device
of the receiving source.

[0010] Further, the invention provides a local area network where a plurality
of networks is connected so that data can be transmitted/received between a
plurality of terminal devices, each of the networks comprising an encryption
server having a unit for converting original data transmitted from a terminal
device of a transmitting source into encrypted data so as to transmit the
encrypted data to a terminal device of a receiving destination of different
network, decrypting the encrypted data received from different network and
restoring it into the original data so as to transmit the original data to the
terminal device of the receiving destination.

[0011] Further, in the above local area network, each of the terminal devices
has a unit for transmitting an encryption key necessary for encrypting or
decrypting data to the encryption server, and the encryption server has a unit
for encrypting or decrypting the data based on the encryption key received
from each of the terminal devices.

[0012]

[Function] In the local area network of the present invention, the encryption
server provided to the network converts original data transmitted from the
terminal device of the transmitting source into encrypted data and returns it
to the terminal device of the transmitting source, decrypts the encrypted data
transmitted from the terminal device of the receiving destination so as to
restore it into the original data, and returns the original data to the terminal
device of the receiving destination. For this reason, the data can be
encrypted and transmitted/received between the terminal devices without
encrypting and decrypting the data in the respective terminal devices.

[0013] Further, each of the encryption servers provided to a plurality of
connected networks converts original data transmitted from the terminal
device of the transmitting source into encrypted data so as to transmit it to a
terminal device of the receiving destination in a different network, and decrypts
the encrypted data received from the different network so as to restore it into
the original data, and transmits the original data to the terminal device of the
receiving destination. For this reason, the data can be encrypted and
transmitted/received between terminal devices in the respective networks
without encrypting and decoding the data in the respective terminal devices.
[0014] Further, each of the terminal devices transmits an encryption key
necessary for encrypting and decrypting data to the encryption server, and the
encryption server encrypts or decrypts the data based on the encryption key
received from each of the terminal devices. As a result, the encryption and
decoding can be performed according to the encryption method based on the
encryption key.
[0015] 

[Embodiments] Embodiments of the present invention are described
concretely below with reference to drawings. Fig. 1 is a diagram illustrating
a system structure of a local area network (LAN) according to one embodiment
of the present invention. This local area network uses a TCP/IP protocol.
This local area network includes three IP networks NET-1, NET-2 and
NET-3.

[0016] The IP network NET-1 is connected to terminal devices (nodes) A and B
containing a microcomputer composed of CPU, ROM and RAM, and is
connected to an encryption server S1 that is one kind of a terminal device
having a microcomputer and encrypts and decrypts (restores) data of the
nodes A and B, and is connected to a router (referred to as "gateway") R1 for
routing a packet between two networks.

[0017] Further, the IP network NET-2 is connected to routers R2 and R3 for
routing a packet between two networks. Further, the IP network NET-3 is
connected to a node C containing a microcomputer, and is connected to an
encryption server S2 that is one kind of a terminal device containing a
microcomputer and encrypts and decrypts (restores) data of the node C. The
IP network NET-3 is connected to a router R4 for routing a packet between
two networks.

[0018] The routers R1 and R2 are connected by a network NET-4, and the
routers R3 and R4 are connected by a network NET-5, so that data can be
transmitted/received between the nodes A, B and C of the IP networks NET-1
and NET-3. At this time, the encryption servers S1 and S2 can encrypt the
data and can decode the received encrypted data (referred to as "encrypted
communication").

[0019] The encryption servers S1 and S2 have a unit for converting original
data transmitted from a terminal device of a transmitting source into
encrypted data so as to return the encrypted data to the terminal device of the
transmitting source, and decrypting the encrypted data transmitted from a
terminal device of a receiving destination and restoring it into the original
data so as to return the original data to the terminal device of the receiving
destination. In this case, the same encryption key and the same encryption
algorithm are used for the encryption and the decryption.

[0020] Fig. 2 is a flowchart illustrating a flow of data when encrypted
communication is held from the node A of the IP network NET-1 to the node C
of the IP network NET-3. The case where an encryption key (key code) of the
encryption servers S1 and S2 is fixed is described.

[0021] At first, at the time of initialization, the node A registers an address of
the encryption server S1 in the local area network, and the node C registers an
address of the encryption server S2 in the local area network.
[0022] When transmission for one packet is requested, the node A sets an
"encryption request flag" for the encryption server S1, so as to transmit raw
data. The encryption server S1 encrypts the raw data received from the node
A using an encryption key according to a preset encryption method, and sets
an "encrypted flag" so as to return the data to the node A.
[0023] The node A adds information representing the encrypted data to the
encrypted data received from the encryption server S1, and transmits
(transfers) the encrypted data to the node C of the IP network NET-3. The
information representing the encrypted data may be stored in a header
section of the packet.

[0024] On the other hand, the node C checks the header section of the packet
received from the node A, and when the information representing the
encrypted data is stored, it determines that the packet is the encrypted data.
The node C sets a "decryption request flag" for the encrypted data, and
transfers the encrypted data to the encryption server S2. The encryption
server S2 decrypts and restores the encrypted data received from the node C
using the encryption key, and sets a "decrypted flag" so as to return the
restored data to the node C. The node C acquires the restored data from the
encryption server S2.

[0025] In such a manner, the encryption servers for encrypting and decrypting
data are provided to respective networks, and the encryption servers
collectively encrypt and decrypt data transmitted/received to/from the
respective terminal devices on the networks. For this reason, each of the
respective terminal devices does not have to encrypt and decrypt the data.
[0026] Fig. 4 is a diagram illustrating a format of the IP header of the packet,
and Fig. 5 is a diagram illustrating a format of an "Options" field of the IP
header. The encryption request flag, the encrypted flag, the decryption
request flag and the decrypted flag are defined on an option area of the
"Options" field of the IP header.

[0027] Table 1 is a table illustrating one example of option data, and 
respective flags are, for example, the encryption request flag "0", the 
encrypted flag "1", the decryption request flag "3" and the decrypted flag "4". 



[0028]
[Table 1]

Class  Number  Length    Function
-----  ------  --------  -----------------------------------
0      0       1         End of Option List
0      1       1         NOP (No Operation)
0      2       11        Restriction on Security and Process
0      3       Variable  Loose Source Routing
0      9       Variable  Strict Source Routing
0      7       Variable  Record Route
0      8       4         Stream Identifier
2      4       Variable  Time Stamp
1      1       1         Flag
                         0: Encryption Request
                         1: Decryption Request
                         2: Encrypted
                         3: Decrypted
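
The request/response exchange of paragraphs [0022] to [0024], with the flag carried as an IP option, written out as an added example that is not part of the patent text. Flag values follow Table 1; the three-octet type/length/data layout, the copied bit, the Packet and EncryptionServer names and the SHA-256 keystream standing in for the DES or FEAL common-key method are assumptions made for illustration. The returned trace records, for each hop, whether the payload on the wire equals the original data.

```python
import hashlib
from dataclasses import dataclass

# Flag values as listed in Table 1.
ENC_REQUEST, DEC_REQUEST, ENCRYPTED, DECRYPTED = 0, 1, 2, 3
# Option type octet, RFC 791 layout: copied (1 bit), class (2 bits), number (5 bits).
# Class 1 / number 1 is the "Flag" row of Table 1; the copied bit is an assumption.
OPT_TYPE = (1 << 7) | (1 << 5) | 1  # 0xA1
OPT_LEN = 3  # assumed: type + length + one data octet

def build_flag_option(flag):
    """Encode one flag as option type, option length, option data (Fig. 5)."""
    if flag not in (ENC_REQUEST, DEC_REQUEST, ENCRYPTED, DECRYPTED):
        raise ValueError("unknown flag value")
    return bytes([OPT_TYPE, OPT_LEN, flag])

def parse_flag_option(options):
    """Walk an IP options area and return the flag value, or None if absent."""
    i = 0
    while i < len(options):
        opt_type = options[i]
        if opt_type == 0:  # End of Option List
            break
        if opt_type == 1:  # NOP, single octet
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option")
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            raise ValueError("bad option length")
        if opt_type == OPT_TYPE:
            if length != OPT_LEN:
                raise ValueError("bad flag option length")
            return options[i + 2]
        i += length
    return None

def common_key_cipher(key, data):
    """Stand-in for the common-key method; the same call encrypts and decrypts."""
    # XOR with a SHA-256 counter keystream. Illustration only, not a vetted cipher.
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[offset:offset + 32], block))
    return bytes(out)

@dataclass
class Packet:
    src: str
    dst: str
    options: bytes
    payload: bytes

class EncryptionServer:
    """Hypothetical model of S1/S2 holding a fixed key, as in [0020]."""
    def __init__(self, name, key):
        self.name, self.key = name, key

    def handle(self, pkt):
        flag = parse_flag_option(pkt.options)
        if flag == ENC_REQUEST:
            done = ENCRYPTED
        elif flag == DEC_REQUEST:
            done = DECRYPTED
        else:
            raise ValueError("packet carries no request flag")
        body = common_key_cipher(self.key, pkt.payload)
        return Packet(self.name, pkt.src, build_flag_option(done), body)

def fig2_exchange(data, key):
    """Run A -> S1 -> A -> C -> S2 -> C; return (src, dst, flag, is_cleartext) per hop."""
    s1, s2 = EncryptionServer("S1", key), EncryptionServer("S2", key)
    trace = []

    def send(pkt):
        trace.append((pkt.src, pkt.dst, parse_flag_option(pkt.options), pkt.payload == data))
        return pkt

    request = send(Packet("A", "S1", build_flag_option(ENC_REQUEST), data))
    sealed = send(s1.handle(request))
    # [0023]: node A marks the packet as encrypted in the header and forwards it.
    forwarded = send(Packet("A", "C", build_flag_option(ENCRYPTED), sealed.payload))
    # [0024]: node C checks the header before asking S2 to decrypt.
    if parse_flag_option(forwarded.options) != ENCRYPTED:
        raise ValueError("packet not marked as encrypted")
    unseal = send(Packet("C", "S2", build_flag_option(DEC_REQUEST), forwarded.payload))
    restored = send(s2.handle(unseal))
    if restored.payload != data:
        raise ValueError("round trip failed")
    return trace

if __name__ == "__main__":
    # Constructed sample data and key.
    for hop in fig2_exchange(b"constructed sample payload", b"constructed-fixed-key"):
        print(hop)
```

In the trace, only the A to S1 and S2 to C hops carry the original data, so the confidentiality of the scheme rests on each local network being as well managed as [0007] assumes.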



[0029] An example is described below in which, when the encrypted communication
is held from the node A of the IP network NET-1 to the node C of the IP network
NET-3, an encryption key for encrypting and decrypting data is transmitted to
the encryption servers S1 and S2.

[0030] In this case, the nodes A and C have a function for transmitting the
encryption key for encrypting or decrypting data to the encryption servers S1
and S2. The encryption servers S1 and S2 have a function for performing the
encryption and decryption methods using a plurality of encryption keys, and
they encrypt and decrypt data using the encryption keys transmitted from the
nodes A and C.

[0031] At first, the node A holds initialization communication that
standardizes an encryption key necessary for exchanging encrypted data with
the node C. This initialization communication provides the encryption key of
the same encryption method to the nodes A and C.

[0032] When original data is transmitted from the node A to the encryption
server S1, the encryption key is attached, and the encryption server S1
encrypts the original data using the encryption key. Further, at the time of
decrypting the encrypted data, the node C attaches the encryption key when
requesting the encryption server S2 to decrypt the encrypted data, and the
encryption server S2 restores the encrypted data using the encryption key.
The encryption key is defined in "option data" of the IP header shown in Figs.
4 and 5, for example.

[0033] When a transmission request for one packet is generated, the node A sets
the "encryption request flag" for the encryption server S1, and transmits raw
data together with the encryption key. The encryption server S1 encrypts the
raw data received from the node A according to the encryption method using the
encryption key, sets the "encrypted flag" and returns the data to the node A.
The node A transmits (transfers) the encrypted data received from the
encryption server S1 to the node C of the IP network NET-3.
[0034] On the other hand, when the node C receives the encrypted data from
the node A, it sets the "decryption request flag" and transmits the encrypted
data as well as the encryption key to the encryption server S2. The
encryption server S2 restores the encrypted data received from the node C
according to the decryption method using the encryption key, and sets the
"decrypted flag" so as to return the restored data to the node C. The node C
obtains the restored data from the encryption server S2. Therefore, in this
LAN, a key code is variable.
[0035] An example is described below in which, when the encrypted communication
is held from the node A of the IP network NET-1 to the node B, the encryption
key for encrypting and decrypting data is transmitted to the encryption server
S1.

[0036] When a transmission request for one packet is generated, the node A sets
the "encryption request flag" for the encryption server S1, and transmits raw
data as well as an encryption key. The encryption server S1 encrypts the raw
data received from the node A according to the encryption method using the
encryption key, and sets the "encrypted flag" so as to return the data to the
node A. The node A transmits (transfers) the encrypted data received from
the encryption server S1 to the node B.

[0037] On the other hand, when the node B receives the encrypted data from
the node A, it sets the "decryption request flag" and transfers the encrypted
data as well as the encryption key to the encryption server S1. The
encryption server S1 restores the encrypted data received from node B
according to the decryption method using the encryption key, and sets the
"decrypted flag" so as to return the restored data to the node B. The node B
obtains the restored data from the encryption server S1.

[0038] In such a manner, when each terminal device requests the encryption
server to encrypt and decrypt data, each of them transmits the encryption key
necessary for the encryption and decryption together with the data, and the
encryption server encrypts and decrypts the data according to the encryption
method using the encryption key. For this reason, each of the terminal
devices can easily utilize the data transmission/reception according to various
encryption methods. Further, since each node can freely set an encryption
key and can select the encryption method for data, the secrecy of the data
communication can be further heightened.
[0039] An example of the encrypted communication when a network routing
function is provided to the encryption server is described below. The network
structure in this case is the same as that of the local area network shown in
Fig. 1, but the functions of the nodes A, B and C and the encryption servers S1
and S2 are slightly different.

[0040] The encryption servers S1 and S2 in this example have a unit for
converting original data transmitted from the terminal device of the
transmitting source into encrypted data so as to transmit the encrypted data
to the terminal device of the receiving destination in a different network, and
decrypting the encrypted data received from another network so as to restore
it into the original data and transmit it to the terminal device of the receiving
destination.

[0041] Therefore, a network routing function (router) of a network layer is
provided to the encryption servers S1 and S2, and the encryption server S1
functions as a node that is a substitute for the node A at which ARP is
implemented.

[0042] In an IP network, a plurality of routers can be provided to one network,
and in actual communication, a physical address (MAC address) is obtained
from an IP address according to an address resolution protocol (ARP), and a
communication destination is specified by the physical address so that
communication is held (data link layer). Normally, the physical address that
is returned from the communication destination is used, but a different node
can return it. This is called substitute ARP.
[0043] Each network is provided with an encryption server having a network
router function and a substitute response function for receiving a packet
instead of a receiving node. A transmitting node of the network on a
transmitting side sends only data whose communication secret is desired to be
kept to the encryption server, and the encryption server converts the data into
the encrypted data so as to transmit the data to a network of a receiving
destination of this data using the network router function.
[0044] On the other hand, the encryption server of the network on the
receiving side receives the packet (encrypted data) transmitted from the
network on the transmitting side using the substitute response function for
receiving the packet instead of the receiving node, and restores the packet so
as to transmit the restored data to the receiving node.

[0045] Fig. 3 is a flow chart illustrating a flow of data when the encrypted
communication is held between the node A of the IP network NET-1 to the
node C of the IP network NET-3. The case where an encryption key (key
code) of the encryption servers S1 and S2 is fixed is described.
[0046] The node A registers an address of the encryption server S1 of the local
area network at the time of initialization, and the encryption server S1 is used
as a default router for carrying out substitute transmission/reception.
Further, the node C registers an address of the encryption server S2 of the
local area network at the time of initialization, and the encryption server S2 is
used as a default router for carrying out substitute transmission/reception.
[0047] Therefore, the encryption server S1 intercepts the data to be
transmitted to the node A as the substitute ARP of the node A, and similarly
the encryption server S2 functions as the node for implementing the
substitute ARP of the node C to intercept the data to be transmitted to the
node C.
[0048] At the time of the data transmission from the node A to the node C, the
node A transmits raw data to the encryption server S1. The encryption
server S1 encrypts the raw data and sets the "encrypted flag" so as to transmit
the encrypted data to the router R1. The encrypted data is transmitted to the
routers R1, R2, R3 and R4 in this order, and then to the encryption server S2
substitute for the node C.

[0049] The encryption server S2 receives and decrypts the encrypted data, and 
finally transmits it to the node C. The node C receives the encrypted data 
transmitted by the node A from the encryption server S2 as the restored data. 

[0050] As to the routing function of the encryption server S1 according to the
second embodiment, it is only necessary to transmit all received packets to the
router R1. As to the routing function of the encryption server S2, it is only
necessary to transmit all received packets to the router R2.
[0051] In such a manner, in the case of the packet communication between a
plurality of networks, namely, in the case where data is sent to a receiving
destination node of an external network, when the node on the transmitting
side specifies the receiving destination node and transmits data whose
communication secret is desired to be kept to the encryption server, the
encryption server directly communicates with the network of the receiving
destination node.

[0052] Therefore, the node on the transmitting side neither requests the
encryption server to encrypt data nor transmits the encrypted data to the
receiving destination node, so that the exchange of the data with the
encryption server can be simplified. That is to say, the time and traffic for
one reciprocation required for exchanging the data between the node and the
encryption server can be saved, and the processing load on the node on the
transmitting side can be reduced, thereby securing the high-speed
performance and efficiency of the data communication.
[0053] The node on the receiving side can receive the encrypted data
transmitted from the node on the transmitting side by the encryption server
connected to a self network as the restored data. For this reason, the time
and traffic for one reciprocation required for exchanging the data between the
node and the encryption server can be saved similarly, and the processing load
put on the node on the receiving side can be saved, thereby securing the
high-speed performance and efficiency of the data communication.
[0054] 

[Effect of the Invention] As described above, in the local area network
according to the present invention, the encryption and decoding of data are
performed not by each terminal device of the network but by the encryption
server in a centralized manner. For this reason, the processing load put on
each terminal device can be reduced, and it is only necessary to change the
settings of the encryption server at the time of changing the encryption key
and the encryption method in the network. As a result, a complicated
operation for changing the settings of each terminal device does not have to be
performed, and thus the network can be easily managed.

[0055] When the communication can be held between the terminal devices in
a plurality of networks via an external network, even if data is
transmitted/received through any network routes, the data contents are not in
danger of being intercepted by outsiders on such routes.

[0056] Further, each terminal device in the networks transmits an encryption
key necessary for the encryption or decryption of data to the encryption server,
and the encryption server encrypts or decrypts the data based on the
encryption key received from each terminal device, so that various encryption
methods can be easily utilized.

[Brief Description of the Drawings]

[Fig. 1] Fig. 1 is a diagram illustrating a system structure of a local area
network (LAN) according to one embodiment of the present invention.

[Fig. 2] Fig. 2 is a flowchart illustrating a flow of data when encrypted
communication is held from a node A to a node C in Fig. 1.

[Fig. 3] Fig. 3 is a flowchart illustrating a flow of data when the encrypted
communication is held from the node A to node C by using a routing function
of encryption servers S1 and S2 in Fig. 1.

[Fig. 4] Fig. 4 is a diagram illustrating a format of an IP header of a packet
transmitted/received between the nodes.

[Fig. 5] Fig. 5 is a diagram illustrating a format of an "Options" field of the IP
header.

[Explanations of Letters or Numerals]
A to C: terminal device (node)
S1, S2: encryption server
R1 to R4: Router
NET-1 to NET-3: IP network
NET-4, NET-5: network

FIG. 1

1: ENCRYPTION SERVER
2: NODE
3: ROUTER

FIG. 5

1: OPTION TYPE
2: OPTION LENGTH
3: OPTION DATA

FIG. 2

1: NODE A
2: ENCRYPTION SERVER S1
3: NODE C
4: INITIALIZE
5: REGISTER ADDRESS OF ENCRYPTION SERVER S2 OF LOCAL NETWORK
6: ENCRYPTION SERVER S2
7: INITIALIZE
8: REGISTER ADDRESS OF ENCRYPTION SERVER S1 OF LOCAL NETWORK
9: TRANSMIT ONE PACKET
10: SET ENCRYPTION REQUEST FLAG FOR PACKET HEADER
11: TRANSMIT TO ENCRYPTION SERVER S1
12: RECEIVE
13: ENCRYPT
14: SET ENCRYPTED FLAG
15: TRANSMIT TO NODE A
16: TRANSMIT TO NODE C
17: WHILE PASSING THROUGH EXTERNAL NETWORK, DATA IS BEING ENCRYPTED.
18: TRANSMIT TO ENCRYPTION SERVER S2
19: SET DECRYPTION REQUEST FLAG
20: DECRYPT
21: SET DECRYPTED FLAG
22: TRANSMIT TO NODE C

FIG. 3

1: NODE A
2: ENCRYPTION SERVER S1
3: ENCRYPTION SERVER S2
4: NODE C
5: AT THE TIME OF INITIALIZATION: USE DEFAULT ROUTER AS ENCRYPTION SERVER S1
6: TRANSMIT
7: TRANSMIT TO ENCRYPTION SERVER S1
8: RECEIVE
9: ENCRYPT
10: SUBSTITUTE RECEPTION OF NODE C
11: DATA IN THIS ZONE IS ENCRYPTED.
12: EXTERNAL NETWORK
13: DECRYPT
14: TRANSMIT TO NODE C
15: END
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(54) [TITLE OF THE INVENTION] LOCAL AREA NETWORK 
(57) [ABSTRACT] 

[OBJECT] To enable data to be encrypted and transmitted/received between 
terminal devices without encrypting and decoding the data between the 
respective terminal devices. 

[CONSTITUTION] An encryption server SI converts original data 
transmitted from a node A as a terminal device of a transmitting source of an 
IP network NET-1 into encrypted data so as to return to the node A, and the 
node A transmits the encrypted data to a node C as a terminal device of a 
transmitting source of an IP network NET- 3. On the other hand, an 
encryption server S2 decrypts and restores the encrypted data transmitted 
from the node C as the terminal device of a receiving destination of the IP 
network NET- 3 into original data so as to return it to the node C. 
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[CLAIMS] 

[Claim 1] A local area network where a plurality of terminal devices are 
connected by a network so that data can be transmitted/received between the 
terminal devices, the network comprising an encryption server having a unit 
5 for converting original data transmitted from the terminal device of a 

transmitting source into encrypted data so as to return it to the terminal 
device as the transmitting source, decrypting the encrypted data transmitted 
from the terminal device of a receiving destination and restoring it into the 
original data so as to return the original data to the terminal device of the 

10 receiving source. 

[Claim 2] A local area network where a plurality of networks is connected so 
that data can be transmitted/received between a plurality of terminal devices, 
each of the networks comprising an encryption server having a unit for 
converting original data transmitted from a terminal device of a transmitting 

15 source into encrypted data so as to transmit the encrypted data to a terminal 
device of a receiving destination of different network, decrypting the 
encrypted data received from different network and restoring it into the 
original data so as to transmit the original data to the terminal device of the 
receiving destination. 

[Claim 3] The local area network according to claim 1, wherein
each of the terminal devices has a unit for transmitting an encryption
key necessary for encrypting or decrypting data to the encryption server,
the encryption server has a unit for encrypting or decrypting the data
based on the encryption key received from each of the terminal devices.

[Detailed Description of the Invention]
[0001]

[Field of Industrial Application] The present invention relates to a local area
network for connecting a plurality of terminal devices via the network.
[0002] 

[Prior Art] Conventionally, in a local area network (hereinafter, "LAN")
complying with standards of Ethernet or IEEE802.3, in order to keep the
contents of packets transmitted/received between respective terminal
devices (hereinafter, "nodes") secret, the contents of the packets to be
transmitted from a node on the transmitting side are encrypted by a
predetermined encryption system so as to be transmitted to a destination node,
and the received encrypted packets are decrypted and restored into the original
data contents on the destination node on the receiving side.

[0003] The encryption system is a technique that converts information
understandable by anybody into meaningless code texts based on a
predetermined encryption key (simply "key"), and decrypts the code texts
using the same encryption key used in the encryption so as to restore them
into the original information (referred to as "decoding").

[0004] In general, a common key encryption system such as a DES encryption
method and an FEAL encryption method complying with standard encryption
are known as the encryption system. In the common key encryption system,
identical encryption and decoding keys are shared between transmitters
and receivers, and data are encrypted and decoded (restored) by using the
common key.
[0005] 

[Problem to be Solved by the Invention] However, since the encryption of
packets for keeping communication secrets is not standardized in the above
conventional LAN, the contents of the packets should be encrypted at a node
on a transmitting side so as to be transmitted, and the encrypted data
contents of the received packets should be decrypted so as to be restored into
the original data at a node on the receiving side.

[0006] Therefore, a processing load is put on the respective nodes, and further
when the encryption key and the encryption system (decryption method) are
changed, the settings of all the nodes on LAN should be changed. This is very
inconvenient.

[0007] Further, in a local network environment, since a network is in a
managed state or is easily managed, reliability of the network is high.
However, when communication is enabled between a plurality of terminal devices
in a plurality of networks via an external network, the routes of networks
through which data are transmitted/received and reach a destination cannot be
determined. For this reason, there arises a problem that the data contents may
be intercepted by outsiders on such routes.

[0008] The present invention is devised in view of the above point, and its
object is to enable data to be encrypted and transmitted/received between
terminal devices without encrypting and decoding in the respective terminal
devices.
[0009] 

[Means for Solving the Problem] In order to achieve the above object, the
present invention provides a local area network where a plurality of terminal
devices is connected by a network so that data can be transmitted/received
between the terminal devices, the network comprising an encryption server
having a unit for converting original data transmitted from the terminal
device of a transmitting source into encrypted data so as to return it to the
terminal device as the transmitting source, decrypting the encrypted data
transmitted from the terminal device of a receiving destination and restoring
it into the original data so as to return the original data to the terminal device
of the receiving source.

[0010] Further, the invention provides a local area network where a plurality
of networks is connected so that data can be transmitted/received between a
plurality of terminal devices, each of the networks comprising an encryption
server having a unit for converting original data transmitted from a terminal
device of a transmitting source into encrypted data so as to transmit the
encrypted data to a terminal device of a receiving destination of a different
network, decrypting the encrypted data received from a different network and
restoring it into the original data so as to transmit the original data to the
terminal device of the receiving destination.

[0011] Further, in the above local area network, each of the terminal devices
has a unit for transmitting an encryption key necessary for encrypting or
decrypting data to the encryption server, and the encryption server has a unit
for encrypting or decrypting the data based on the encryption key received
from each of the terminal devices.

[0012]

[Function] In the local area network of the present invention, the encryption
server provided to the network converts original data transmitted from the
terminal device of the transmitting source into encrypted data and returns it
to the terminal device of the transmitting source, decrypts the encrypted data
transmitted from the terminal device of the receiving destination so as to
restore it into the original data, and returns the original data to the terminal
device of the receiving destination. For this reason, the data can be
encrypted and transmitted/received between the terminal devices without
encrypting and decrypting the data in the respective terminal devices.

[0013] Further, each of the encryption servers provided to a plurality of
connected networks converts original data transmitted from the terminal
device of the transmitting source into encrypted data so as to transmit it to a
terminal device of the receiving destination in a different network, and decrypts
the encrypted data received from the different network so as to restore it into
the original data, and transmits the original data to the terminal device of the
receiving destination. For this reason, the data can be encrypted and
transmitted/received between terminal devices in the respective networks
without encrypting and decoding the data in the respective terminal devices.
[0014] Further, each of the terminal devices transmits an encryption key
necessary for encrypting and decrypting data to the encryption server, and the
encryption server encrypts or decrypts the data based on the encryption key
received from each of the terminal devices. As a result, the encryption and
decoding can be performed according to the encryption method based on the
encryption key.
[0015] 

[Embodiments] Embodiments of the present invention are described
concretely below with reference to drawings. Fig. 1 is a diagram illustrating
a system structure of a local area network (LAN) according to one embodiment
of the present invention. This local area network uses a TCP/IP protocol.
This local area network includes three IP networks NET-1, NET-2 and
NET-3.

[0016] The IP network NET-1 is connected to terminal devices (nodes) A and B
containing a microcomputer composed of CPU, ROM and RAM, and is
connected to an encryption server S1 that is one kind of a terminal device
having a microcomputer and encrypts and decrypts (restores) data of the
nodes A and B, and is connected to a router (referred to as "gateway") R1 for
routing a packet between two networks.

[0017] Further, the IP network NET-2 is connected to routers R2 and R3 for
routing a packet between two networks. Further, the IP network NET-3 is
connected to a node C containing a microcomputer, and is connected to an
encryption server S2 that is one kind of a terminal device containing a
microcomputer and encrypts and decrypts (restores) data of the node C. The
IP network NET-3 is connected to a router R4 for routing a packet between
two networks.

[0018] The routers R1 and R2 are connected by a network NET-4, and the
routers R3 and R4 are connected by a network NET-5, so that data can be
transmitted/received between the nodes A, B and C of the IP networks NET-1
and NET-3. At this time, the encryption servers S1 and S2 can encrypt the
data and can decode the received encrypted data (referred to as "encrypted
communication").

[0019] The encryption servers S1 and S2 have a unit for converting original
data transmitted from a terminal device of a transmitting source into
encrypted data so as to return the encrypted data to the terminal device of the
transmitting source, and decrypting the encrypted data transmitted from a
terminal device of a receiving destination and restoring it into the original
data so as to return the original data to the terminal device of the receiving
destination. In this case, the same encryption key and the same encryption
algorithm are used for the encryption and the decryption.

[0020] Fig. 2 is a flowchart illustrating a flow of data when encrypted
communication is held from the node A of the IP network NET-1 to the node C
of the IP network NET-3. The case where an encryption key (key code) of the
encryption servers S1 and S2 is fixed is described.

[0021] At first, at the time of initialization, the node A registers an address of
the encryption server S1 in the local area network, and the node C registers an
address of the encryption server S2 in the local area network.
[0022] When transmission for one packet is requested, the node A sets an
"encryption request flag" for the encryption server S1, so as to transmit raw
data. The encryption server S1 encrypts the raw data received from the node
A using an encryption key according to a preset encryption method, and sets
an "encrypted flag" so as to return the data to the node A.
[0023] The node A adds information representing the encrypted data to the
encrypted data received from the encryption server S1, and transmits
(transfers) the encrypted data to the node C of the IP network NET-3. The
information representing the encrypted data may be stored in a header
section of the packet.

[0024] On the other hand, the node C checks the header section of the packet
received from the node A, and when the information representing the
encrypted data is stored, it determines that the packet is the encrypted data.
The node C sets a "decryption request flag" for the encrypted data, and
transfers the encrypted data to the encryption server S2. The encryption
server S2 decrypts and restores the encrypted data received from the node C
using the encryption key, and sets a "decrypted flag" so as to return the
restored data to the node C. The node C acquires the restored data from the
encryption server S2.

[0025] In such a manner, the encryption servers for encrypting and decrypting
data are provided to respective networks, and the encryption servers
collectively encrypt and decrypt data transmitted/received to/from the
respective terminal devices on the networks. For this reason, each of the
respective terminal devices does not have to encrypt and decrypt the data.
[0026] Fig. 4 is a diagram illustrating a format of the IP header of the packet,
and Fig. 5 is a diagram illustrating a format of an "Options" field of the IP
header. The encryption request flag, the encrypted flag, the decryption
request flag and the decrypted flag are defined on an option area of the
"Options" field of the IP header.

[0027] Table 1 is a table illustrating one example of option data, and 
respective flags are, for example, the encryption request flag "0", the 
encrypted flag "1", the decryption request flag "3" and the decrypted flag "4". 



[0028]
[Table 1]

Class   Number   Length     Function
0       0        1          End of Option List
0       1        1          NOP (No Operation)
0       2        11         Restriction on Security and Process
0       3        Variable   Loose Source Routing
0       9        Variable   Strict Source Routing
0       7        Variable   Record Route
0       8        4          Stream Identifier
2       4        Variable   Time Stamp
1       1        1          Flag
                            0: Encryption Request
                            1: Decryption Request
                            2: Encrypted
                            3: Decrypted
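
The Fig. 2 exchange of [0022] to [0024] carried in the class 1 / number 1 flag option of Table 1, as an added example (not code from the patent). The type/length/data byte layout of the flag option, all function names and the key are assumptions, the flag numbers follow Table 1, and an XOR keystream stands in for the unspecified "preset encryption method".

```python
import hashlib
from enum import IntEnum

class Flag(IntEnum):                      # values as listed in Table 1
    ENCRYPTION_REQUEST = 0
    DECRYPTION_REQUEST = 1
    ENCRYPTED = 2
    DECRYPTED = 3

EOL, NOP = 0, 1
# Option type octet = copied bit | 2-bit class | 5-bit number (RFC 791 layout).
FLAG_OPTION_TYPE = (1 << 5) | 1           # class 1, number 1 -> 0x21

def build_flag_option(flag):
    # ASSUMPTION: type octet, length octet (3 = whole option), one flag octet,
    # then one EOL octet so the Options field stays a multiple of 4 bytes.
    return bytes([FLAG_OPTION_TYPE, 3, int(flag), EOL])

def parse_options(options):
    """Walk an IPv4 Options field and return [(class, number, data), ...]."""
    found, i = [], 0
    while i < len(options):
        opt_type = options[i]
        if opt_type == EOL:               # End of Option List: stop parsing
            break
        if opt_type == NOP:               # single-octet padding option
            i += 1
            continue
        if i + 1 >= len(options):
            raise ValueError("truncated option: no length octet")
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            raise ValueError(f"bad option length {length} at offset {i}")
        found.append(((opt_type >> 5) & 0x3, opt_type & 0x1F,
                      options[i + 2:i + length]))
        i += length
    return found

def read_flag(options):
    """Return the Flag carried in the class 1 / number 1 option, or None."""
    for opt_class, number, data in parse_options(options):
        if (opt_class, number) == (1, 1):
            if len(data) != 1:
                raise ValueError("flag option must carry exactly one octet")
            return Flag(data[0])          # ValueError on a value outside Table 1
    return None

def stand_in_cipher(key, data):
    # Stand-in for the unnamed encryption method: XOR with a SHA-256 counter
    # keystream, so the same call encrypts and decrypts with the same key.
    # Illustrative only; it is not DES or FEAL and not a vetted cipher.
    out = bytearray()
    for offset in range(0, len(data), 32):
        pad = hashlib.sha256(key + offset.to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[offset:offset + 32], pad))
    return bytes(out)

class EncryptionServer:
    """S1 / S2 in the fixed-key case: answers request flags only."""
    def __init__(self, key):
        self.key = key

    def handle(self, options, payload):
        flag = read_flag(options)
        if flag == Flag.ENCRYPTION_REQUEST:
            reply = Flag.ENCRYPTED
        elif flag == Flag.DECRYPTION_REQUEST:
            reply = Flag.DECRYPTED
        else:
            raise ValueError(f"not a request flag: {flag!r}")
        return build_flag_option(reply), stand_in_cipher(self.key, payload)

def fig2_exchange(raw, key=b"constructed-fixed-key"):
    """Replay the Fig. 2 flow and record the payload seen on each leg."""
    s1, s2 = EncryptionServer(key), EncryptionServer(key)
    legs = {"A->S1": raw}                 # raw data crosses NET-1 to S1
    opts, data = s1.handle(build_flag_option(Flag.ENCRYPTION_REQUEST), raw)
    legs["A->C"] = data                   # node A forwards what S1 returned
    # Node C checks the header before asking S2 to decrypt ([0024]).
    if read_flag(opts) != Flag.ENCRYPTED:
        raise ValueError("node C: packet is not marked as encrypted")
    opts, restored = s2.handle(build_flag_option(Flag.DECRYPTION_REQUEST), data)
    legs["S2->C"] = restored              # restored data crosses NET-3 to C
    return read_flag(opts), legs
```

The returned `legs` mapping shows which hops carry the raw data (node to server inside NET-1 and NET-3) and which carry ciphertext (node A to node C).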



[0029] The following describes an example in which, when the encrypted
communication is held from the node A of the IP network NET-1 to the node C
of the IP network NET-3, an encryption key for encrypting and decrypting data
is transmitted to the encryption servers S1 and S2.

[0030] In this case, the nodes A and C have a function for transmitting the
encryption key for encrypting or decrypting data to the encryption servers S1
and S2. The encryption servers S1 and S2 have a function for performing the
encryption and decryption methods using a plurality of encryption keys, and
they encrypt and decrypt data using the encryption keys transmitted from the
nodes A and C.

[0031] At first, the node A holds initialization communication that
standardizes an encryption key necessary for exchanging encrypted data with
the node C. This initialization communication provides the encryption key of
the same encryption method to the nodes A and C.

[0032] When original data is transmitted from the node A to the encryption
server S1, the encryption key is attached, and the encryption server S1
encrypts the original data using the encryption key. Further, at the time of
decrypting the encrypted data, the node C attaches the encryption key when
requesting the encryption server S2 to decrypt the encrypted data, and the
encryption server S2 restores the encrypted data using the encryption key.
The encryption key is defined in "option data" of the IP header shown in Figs.
4 and 5, for example.

[0033] When a transmission request of one packet is generated, the node A sets
the "encryption request flag" for the encryption server S1, and transmits raw
data together with the encryption key. The encryption server S1 encrypts the
raw data received from the node A according to the encryption method using the
encryption key, sets the "encrypted flag" and returns the data to the node A.
The node A transmits (transfers) the encrypted data received from the
encryption server S1 to the node C of the IP network NET-3.
[0034] On the other hand, when the node C receives the encrypted data from
the node A, it sets the "decryption request flag" and transmits the encrypted
data as well as the encryption key to the encryption server S2. The
encryption server S2 restores the encrypted data received from the node C
according to the decryption method using the encryption key, and sets the
"decrypted flag" so as to return the restored data to the node C. The node C
obtains the restored data from the encryption server S2. Therefore, in this
LAN, a key code is variable.
[0035] The following describes an example in which, when the encrypted
communication is held from the node A of the IP network NET-1 to the node B,
the encryption key for encrypting and decrypting data is transmitted to the
encryption server S1.

[0036] When a transmission request for one packet is generated, the node A sets
the "encryption request flag" for the encryption server S1, and transmits raw
data as well as an encryption key. The encryption server S1 encrypts the raw
data received from the node A according to the encryption method using the
encryption key, and sets the "encrypted flag" so as to return the data to the
node A. The node A transmits (transfers) the encrypted data received from
the encryption server S1 to the node B.

[0037] On the other hand, when the node B receives the encrypted data from
the node A, it sets the "decryption request flag" and transfers the encrypted
data as well as the encryption key to the encryption server S1. The
encryption server S1 restores the encrypted data received from node B
according to the decryption method using the encryption key, and sets the
"decrypted flag" so as to return the restored data to the node B. The node B
obtains the restored data from the encryption server S1.

[0038] In such a manner, when each terminal device requests the encryption
server to encrypt and decrypt data, each of them transmits the encryption key
necessary for the encryption and decryption together with the data, and the
encryption server encrypts and decrypts the data according to the encryption
method using the encryption key. For this reason, each of the terminal
devices can easily utilize the data transmission/reception according to various
encryption methods. Further, since each node can freely set an encryption
key and can select the encryption method for data, the secrecy of the data
communication can be further heightened.
[0039] An example of the encrypted communication when a network routing
function is provided to the encryption server is described below. The network
structure in this case is the same as that of the local area network shown in
Fig. 1, but the functions of the nodes A, B and C and the encryption servers S1
and S2 are slightly different.

[0040] The encryption servers S1 and S2 in this example have a unit for
converting original data transmitted from the terminal device of the
transmitting source into encrypted data so as to transmit the encrypted data
to the terminal device of the receiving destination in a different network, and
decrypting the encrypted data received from another network so as to restore
it into the original data and transmit it to the terminal device of the receiving
destination.

[0041] Therefore, a network routing function (router) of a network layer is
provided to the encryption servers S1 and S2, and the encryption server S1
functions as a node that is a substitute for the node A at which ARP is
implemented.

[0042] In an IP network, a plurality of routers can be provided to one network,
and in actual communication, a physical address (MAC address) is obtained
from an IP address according to an address resolution protocol (ARP), and a
communication destination is specified by the physical address so that
communication is held (data link layer). Normally, the physical address that
is returned from the communication destination is used, but a different node
can return it. This is called substitute ARP.

[0043] Each network is provided with an encryption server having a network
router function and a substitute response function for receiving a packet
instead of a receiving node. A transmitting node of the network on a
transmitting side sends only data whose communication secret is desired to be
kept to the encryption server, and the encryption server converts the data into
the encrypted data so as to transmit the data to a network of a receiving
destination of this data using the network router function.
[0044] On the other hand, the encryption server of the network on the
receiving side receives the packet (encrypted data) transmitted from the
network on the transmitting side using the substitute response function for
receiving the packet instead of the receiving node, and restores the packet so
as to transmit the restored data to the receiving node.

[0045] Fig. 3 is a flow chart illustrating a flow of data when the encrypted
communication is held from the node A of the IP network NET-1 to the
node C of the IP network NET-3. The case where an encryption key (key
code) of the encryption servers S1 and S2 is fixed is described.
[0046] The node A registers an address of the encryption server S1 of the local
area network at the time of initialization, and the encryption server S1 is used
as a default router for carrying out substitute transmission/reception.
Further, the node C registers an address of the encryption server S2 of the
local area network at the time of initialization, and the encryption server S2 is
used as a default router for carrying out substitute transmission/reception.
[0047] Therefore, the encryption server S1 intercepts the data to be
transmitted to the node A as the substitute ARP of the node A, and similarly
the encryption server S2 functions as the node for implementing the
substitute ARP of the node C to intercept the data to be transmitted to the
node C.

[0048] At the time of the data transmission from the node A to the node C, the
node A transmits raw data to the encryption server S1. The encryption
server S1 encrypts the raw data and sets the "encrypted flag" so as to transmit
the encrypted data to the router R1. The encrypted data is transmitted to the
routers R1, R2, R3 and R4 in this order, and then to the encryption server S2
acting as a substitute for the node C.

[0049] The encryption server S2 receives and decrypts the encrypted data, and 
finally transmits it to the node C. The node C receives the encrypted data 
transmitted by the node A from the encryption server S2 as the restored data. 

[0050] As to the routing function of the encryption server S1 according to the
second embodiment, it is only necessary to transmit all received packets to the
router R1. As to the routing function of the encryption server S2, it is only
necessary to transmit all received packets to the router R2.
[0051] In such a manner, in the case of the packet communication between a
plurality of networks, namely, in the case where data is sent to a receiving
destination node of an external network, when the node on the transmitting
side specifies the receiving destination node and transmits data whose
communication secret is desired to be kept to the encryption server, the
encryption server directly communicates with the network of the receiving
destination node.

[0052] Therefore, the node on the transmitting side neither requests the
encryption server to encrypt data nor transmits the encrypted data to the
receiving destination node, so that the exchange of the data with the
encryption server can be simplified. That is to say, the time and traffic for
one reciprocation required for exchanging the data between the node and the
encryption server can be saved, and the processing load on the node on the
transmitting side can be reduced, thereby securing the high-speed
performance and efficiency of the data communication.
[0053] The node on the receiving side can receive the encrypted data
transmitted from the node on the transmitting side by the encryption server
connected to its own network as the restored data. For this reason, the time
and traffic for one reciprocation required for exchanging the data between the
node and the encryption server can be saved similarly, and the processing load
put on the node on the receiving side can be saved, thereby securing the
high-speed performance and efficiency of the data communication.
[0054] 

[Effect of the Invention] As described above, in the local area network
according to the present invention, the encryption and decoding of data are
performed not by each terminal device of the network but by the encryption
server in a centralized manner. For this reason, the processing load put on
each terminal device can be reduced, and it is only necessary to change the
settings of the encryption server at the time of changing the encryption key
and the encryption method in the network. As a result, a complicated
operation for changing the settings of each terminal device does not have to be
performed, and thus the network can be easily managed.

[0055] When the communication can be held between the terminal devices in
a plurality of networks via an external network, even if data is
transmitted/received through any network routes, the data contents are not in
danger of being intercepted by outsiders on such routes.

[0056] Further, each terminal device in the networks transmits an encryption
key necessary for the encryption or decryption of data to the encryption server,
and the encryption server encrypts or decrypts the data based on the
encryption key received from each terminal device, so that various encryption
methods can be easily utilized.

[Brief Description of the Drawings]

[Fig. 1] Fig. 1 is a diagram illustrating a system structure of a local area
network (LAN) according to one embodiment of the present invention.

[Fig. 2] Fig. 2 is a flowchart illustrating a flow of data when encrypted
communication is held from a node A to a node C in Fig. 1.

[Fig. 3] Fig. 3 is a flowchart illustrating a flow of data when the encrypted
communication is held from the node A to node C by using a routing function
of encryption servers S1 and S2 in Fig. 1.

[Fig. 4] Fig. 4 is a diagram illustrating a format of an IP header of a packet
transmitted/received between the nodes.

[Fig. 5] Fig. 5 is a diagram illustrating a format of an "Options" field of the IP
header.

[Explanations of Letters or Numerals]
A to C: terminal device (node)
S1, S2: encryption server
R1 to R4: Router
NET-1 to NET-3: IP network
NET-4, NET-5: network

FIG. 1
1: ENCRYPTION SERVER
2: NODE
3: ROUTER

FIG. 5
1: OPTION TYPE
2: OPTION LENGTH
3: OPTION DATA

FIG. 2
1: NODE A
2: ENCRYPTION SERVER S1
3: NODE C
4: INITIALIZE
5: REGISTER ADDRESS OF ENCRYPTION SERVER S2 OF LOCAL NETWORK
6: ENCRYPTION SERVER S2
7: INITIALIZE
8: REGISTER ADDRESS OF ENCRYPTION SERVER S1 OF LOCAL NETWORK
9: TRANSMIT ONE PACKET
10: SET ENCRYPTION REQUEST FLAG FOR PACKET HEADER
11: TRANSMIT TO ENCRYPTION SERVER S1
12: RECEIVE
13: ENCRYPT
14: SET ENCRYPTED FLAG
15: TRANSMIT TO NODE A
16: TRANSMIT TO NODE C
17: WHILE PASSING THROUGH EXTERNAL NETWORK, DATA IS BEING ENCRYPTED.
18: TRANSMIT TO ENCRYPTION SERVER S2
19: SET DECRYPTION REQUEST FLAG
20: DECRYPT
21: SET DECRYPTED FLAG
22: TRANSMIT TO NODE C

FIG. 3
1: NODE A
2: ENCRYPTION SERVER S1
3: ENCRYPTION SERVER S2
4: NODE C
5: AT THE TIME OF INITIALIZATION: USE DEFAULT ROUTER AS ENCRYPTION SERVER S1
6: TRANSMIT
7: TRANSMIT TO ENCRYPTION SERVER S1
8: RECEIVE
9: ENCRYPT
10: SUBSTITUTE RECEPTION OF NODE C
11: DATA IN THIS ZONE IS ENCRYPTED.
12: EXTERNAL NETWORK
13: DECRYPT
14: TRANSMIT TO NODE C
15: END